[ https://issues.apache.org/jira/browse/SENTRY-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16509029#comment-16509029 ]
Hadoop QA commented on SENTRY-2264:
-----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12927391/SENTRY-2264.001.patch against master.

{color:red}Overall:{color} -1 due to 7 errors

{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hive.TestOperationsPart2
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hive.TestOperationsPart1
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.dbprovider.TestDbOperationsPart2
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.dbprovider.TestDbOperationsPart2
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.dbprovider.TestDbOperationsPart1
{color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.dbprovider.TestDbOperationsPart1

Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3874/console

This message is automatically generated.

> It is possible to elevate privileges from DROP using alter table rename
> -----------------------------------------------------------------------
>
>                 Key: SENTRY-2264
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2264
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: Na Li
>            Assignee: Na Li
>            Priority: Major
>         Attachments: SENTRY-2264.001.patch
>
>
> After introducing FGP, a user with only DROP on a database db1 and at least
> CREATE on db2 can run ALTER TABLE RENAME db1.table1 db2.table2, and thus
> elevate their privileges.
>
> To reproduce:
>
> As admin (e.g. hive):
> 1. Create db1, db1.table1, db2, role r1.
> 2. Grant DROP on db1 to role r1.
> 3. Grant ALL on db2 to role r1.
> 4. Grant role r1 to user testuser1.
>
> As testuser1:
> 1. use db1; alter table db1.table1 rename to db2.table1
> 2. select * from db2.table1
>
> Result: the select command succeeds.
>
> Desired behavior:
> we should at least require the following privileges to execute the table rename
> command:
> table level "SELECT" and database level "DELECT" at source
> database level "CREATE, INSERT, ALTER" at destination.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
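The following is an added illustration and is not Sentry's code or the patch attached to this issue. It models the authorization decision for ALTER TABLE RENAME in a small Sentry-style privilege evaluator (database-level grants cover every table in the database, ALL covers every action) and runs the reproduction from the report through two checks: the behaviour the report describes (DROP on the source database plus CREATE on the destination is enough) and the requirement listed under "Desired behavior". The role and object names (r1, db1, db2, table1, testuser1) come from the report; the privilege evaluator itself is an assumption, and the report's database-level "DELECT" at source is read here as the DROP privilege that the reproduction grants, which is also an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional

ALL = "ALL"

# Assumption: the report's database-level "DELECT" at source is modelled as DROP,
# the privilege the reproduction actually grants on db1.
SOURCE_DB_ACTION = "DROP"


@dataclass(frozen=True)
class Privilege:
    """One grant. table=None means a database-level grant."""
    db: str
    table: Optional[str]
    action: str


def has_privilege(granted: List[Privilege], db: str, table: Optional[str], action: str) -> bool:
    """True if some grant covers `action` on db (table=None) or db.table.

    A database-level grant applies to every table in that database, and an
    ALL grant satisfies any action (constructed model, not Sentry's evaluator)."""
    for p in granted:
        if p.db != db:
            continue
        if p.table is not None and p.table != table:
            continue  # table-level grant on a different table
        if p.action in (ALL, action):
            return True
    return False


def rename_allowed_as_reported(granted: List[Privilege], src_db: str, src_table: str, dst_db: str) -> bool:
    """The check the report describes: DROP on the source database and CREATE on the
    destination database are sufficient. Nothing about the table itself is required."""
    return (has_privilege(granted, src_db, None, "DROP")
            and has_privilege(granted, dst_db, None, "CREATE"))


def rename_allowed_desired(granted: List[Privilege], src_db: str, src_table: str, dst_db: str) -> bool:
    """The requirement listed under 'Desired behavior': table-level SELECT and
    database-level DROP (see SOURCE_DB_ACTION) at the source, and database-level
    CREATE, INSERT and ALTER at the destination."""
    source_ok = (has_privilege(granted, src_db, src_table, "SELECT")
                 and has_privilege(granted, src_db, None, SOURCE_DB_ACTION))
    destination_ok = all(has_privilege(granted, dst_db, None, a)
                         for a in ("CREATE", "INSERT", "ALTER"))
    return source_ok and destination_ok


# Grants held by role r1 in the report's reproduction (constructed from the steps above).
ROLE_R1 = [
    Privilege("db1", None, "DROP"),
    Privilege("db2", None, ALL),
]


def reproduction() -> dict:
    """Evaluate testuser1's rename of db1.table1 into db2 under both checks.

    The reported check lets a user who could only drop table1 turn it into a table
    they hold ALL on; the desired check denies it because SELECT on db1.table1 is missing."""
    return {
        "reported": rename_allowed_as_reported(ROLE_R1, "db1", "table1", "db2"),
        "desired": rename_allowed_desired(ROLE_R1, "db1", "table1", "db2"),
    }


if __name__ == "__main__":
    print(reproduction())  # {'reported': True, 'desired': False}
```

Extending ROLE_R1 with a SELECT grant on db1.table1 (table-level or database-level) makes `rename_allowed_desired` return True, which is the point of requiring read access on the source: the user must already be able to read the data that the rename would place under a database where they hold broader rights.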